One of the largest Bitcoin exchange platforms based in South Korea, Bithumb, got hacked. Bithumb is one of the largest Bitcoin exchanges with a total of 75.5% share in the South Korean market and the fourth in the world. Its hosts a total of around 13000 Bitcoin trading volume per day and in terms of the global Bitcoin trade, it does up to 10% of the total trade.
Bithumb not only focuses on Bitcoin, but also does ether as well accounting for up to 44% of the total South Korean ether trading.
The cyber-attack happened late last week resulting to losses in billions of won; the hackers not only took the Bitcoins but also personal information of the website users – this includes personal data of up to 31,800 users. Part of the information they took include the email addresses, phone numbers and names. According to the company, 31, 800 only represent 3% of the total users which is actually good for the company as they would have lost even more, but still a significant breach.
As soon as Bithumb discovered the breach, they reported the details to the relevant authorities, that was on June 30. There are many customers however who also filed a complaint with the National Police Agency’s cybercrime report centre.
Even though Bithumb admitted that their site was hacked, they are insisting that there was still no access to the funds stored in the exchange. They are claiming that since the hackers took the details of the users of the site, this may have given them access to the customers wallets allowing them to empty those targeted customer wallets.
According to Bithumb, it was a single employee’s pc that got hacked and not the whole system. The claims however suggest that this might not be true as different users lost their money in different ways. There have also been cases of voice phishing where the attackers would call the victims and pose as representatives of Bithumb. One of the victim claimed he got a call from a Bithumb representative asking for his onetime password which made him lose up to ten million won.
To deal with the hacking claims, the company promised to compensate victims for leakage of personal information and they would get up to $870 per person. The company had still not decided on compensation for other damages.
The company reported the hacking incident to Korea Communications Commission, the Korea Internet & Security Agency (KISA) and the supreme prosecutor’s office. The lack of regulation of digital currencies in Korea however complicates the situation. It is unclear whether the exchange firm had something to do with the hacking and whether it is legally responsible for the lost funds.
To deal with this kind of situations in future, there is a bill that is being prepared that will govern Electronic Financial transaction Act and give all cryptocurrencies a legal standing. According to the bill, companies have to have a capital base of over 500 million won, have enough human resource and computerized equipment to be allowed to deal with cryptocurrencies. Those who make an income from cryptocurrencies will also have to report to the relevant regulations.